diff options
| author | Franck Cuny <franck@fcuny.net> | 2025-11-27 11:08:20 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-11-27 11:11:34 -0800 |
| commit | dfa0964be0dffd2369fe65c80896c371e30a625f (patch) | |
| tree | 5646ad5ec4a0059ac34ddf2d66b6b6dca40014ad /profiles/reverse-proxy.nix | |
| parent | rename synology-vm to bree (diff) | |
| download | infra-dfa0964be0dffd2369fe65c80896c371e30a625f.tar.gz | |
configure rate limiting for nginx
Diffstat (limited to '')
| -rw-r--r-- | profiles/reverse-proxy.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/profiles/reverse-proxy.nix b/profiles/reverse-proxy.nix index dd98ff2..f136ba0 100644 --- a/profiles/reverse-proxy.nix +++ b/profiles/reverse-proxy.nix @@ -41,6 +41,14 @@ in recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; + commonHttpConfig = '' + # limit clients doing too many requests + # can be tested with ab -n 20 -c 10 <host> + limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s; + + # limit clients opening too many connections + limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; + ''; virtualHosts = { "code.fcuny.net" = { enableACME = true; |